Results 1 to 4 of 4

Thread: Need Help with page redirection...

  1. Wink Need Help with page redirection...

    Hey,

    Basically here is the problem:

    I have a list of links on a site called http:// xxx.com, say 400.

    When someone clicks on a link they go to http:// xxx.com/redirect.php?http://link to site.com

    That page will then redirect to http://link to site.com via

    <meta http-equiv="refresh" content="5;url=url=.../>

    The problem is what do I put between url= and /> ?

  2. #2
    The way you propose is 1. harder to validate. 2. Someone could stick a cross site scripting attack in the url like redirect.php?<script>alert('xss');</script> . Your also missing an extra part of the query. You will need some thing for $_GET so maby use ?url=

    so redirect.php?url=http://example.com

    Then could get the url by doing

    PHP Code:
    $toRedirect $_GET['url'];
    echo 
    "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"3;URL={$toRedirect}\">"


    But also you would have to validate it.. which is the hard part and I cannot think of anything at the moment quickly that would validate that.



    Better to use an Integer for the $_GET. like redirect.php?id=1 . Then in your mysql query you can get the url by the example code below, Assuming in your mysql database table there is a field called "url" that has url like "http://example.com" and also an auto_incrementing field called "id".


    Btw this code could have syntax error. I didn't run it. I just wrote it off the top of my head while posting this.
    PHP Code:
    <?php
    $id 
    false;
    // If ?id= is set is only a integer.
    if(!empty($_GET['id']) && is_numeric($_GET['id'])) {
       
     
    $id $_GET['id'];

    }
    $sql = array();
    $link mysql_connect('localhost''database_user''database_password') or die('Could not connect: ' mysql_error());
    $db_selected mysql_select_db('database_name',$link) or die(mysql_error());
    sql mysql_query('SELECT * FROM url_table WHERE id={$id}') or die("oops");
    $toRedirect mysql_fetch_assoc($sql);

    // If id does not exist
    if(!toRedirect) {
       
       
    header('HTTP/1.0 404 Not Found');
       exit(
    'Not Found');

    }

    echo  
    "<html><head><title>Redirection...</title>"
            
    "<meta http-equiv=\"refresh\" content=\"5;url={$toRedirect['url']}\"/>"
            
    "</head><body><h1>You being redirected to"
            
    "<a href=\"{$toRedirect['url']}\">{$toRedirect['url']}</a>"
            
    "</body></html>";
    Of course there is many other things you could do like count hits to the link.
    Submit new proxies -

  3. Hmm, I can't do that since I don't have the id table.

    Is there anyway in which I can just get the text after the '?' and redirect to that page ?

    EDIT: Thanks Keldorn, I used your script and it's now working, i am also able to count the hits using some other snippets of code

    If you look at WebEvader, every site which is not a premium listing and is clicked on goes to a loading page where it is then redirected...

  4. #4
    Like I said you have to validate it.

    Put this url into your browser..

    Code:
    http://www.webevader.org/redirect.php?url="><script>alert(String.fromCharCode(88,83,83))</script>
    Crafting that even more I could steal the cookies off your forum members by having them click and then hijack their profiles.
    For this case a good strip_tags(); might work

    PHP Code:
    $toRedirect strip_tags($_GET['id']); 
    It also opens up your site to being a free spam relay.

    Code:
    http://www.webevader.org/redirect.php?url=http://evilspamsite.com
    Submit new proxies -

Similar Threads

  1. [WTT] Proxy List Submission Page / Home Page Trade
    By vectro in forum Links
    Replies: 2
    Last Post: 8 December, 2010, 05:13 AM
  2. Replies: 0
    Last Post: 29 April, 2010, 11:26 AM
  3. help with htaccess redirection
    By MeetHere in forum Programming
    Replies: 10
    Last Post: 18 October, 2009, 17:01 PM
  4. How to avoid blogger redirection window?
    By hendricius in forum Blogging
    Replies: 4
    Last Post: 31 August, 2009, 07:29 AM
  5. Need help with redirection...
    By WebEvader in forum Programming
    Replies: 5
    Last Post: 30 August, 2009, 21:05 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •